How do I increment my count field of my document from logstash?

Question

I want to update one field of my document/log in elasticsearch from logstash.

My logstash conf file

input { 
    http {
    host => "127.0.0.1" # default: 0.0.0.0
    port => 31311 # default: 8080
  }
}

output { 
  stdout { codec => json },
  elasticsearch {
        action => "update"
        bind_host => "127.0.0.1"
        bind_port => 9200
        document_id => "ET00009682"
        index => "in12"
        type => "event"
  }
}

I want to increment my count field by one how do I specify that in my output of logstash.

Note: I know to update i need to use this script

"script" : "ctx._source.count += 1"

but I am not sure where to place it in output of logstash?

Kindly help thanks

score 3 · Answer 1 · answered Aug 26 '16 at 01:46

you can do it with the conf:

output { 
  stdout { codec => json },
  elasticsearch {
        action => "update"
        bind_host => "127.0.0.1"
        bind_port => 9200
        document_id => "ET00009682"
        index => "in12"
        type => "event"
        doc_as_upsert => true
        script => "ctx._source.count += 1"
        script_lang => "groovy"
        script_type => "inline"
  }
}

score 0 · Answer 2 · answered Aug 25 '15 at 07:56

You Need to use the metric filter where you have a counter : https://www.elastic.co/guide/en/logstash/current/plugins-filters-metrics.html

filter {
  metrics {
    meter => [ "thing" ]
    add_tag => "metric"
  }
}

You will receive a field name : thing.count which will be your count field

score 0 · Answer 3 · answered Aug 26 '15 at 09:48

0

So what i did was fired a curl request from output of logstash to achieve this.

answered Aug 26 '15 at 09:48

nm10

41
1
7

How do I increment my count field of my document from logstash?

3 Answers3

Linked